Spam calls have plagued modern society for years now and are only getting worse. With the availability of generative AI technology to anyone, bad actors have started using it for evil.
If you haven’t seen Obama playing Minecraft or Plankton from Spongebob singing Rolling in the Deep, you may be unfamiliar with artificial intelligence voice synthesis. Artificial intelligence voice synthesis is a voice changer or text to speech program that uses AI learning models to mimic someone’s voice. Think of it like when you speak through a fan and your voice sounds like Darth Vader, but instead of a fan you use a computer and now it sounds like Taylor Swift. Apple introduced an accessibility feature that uses the same tech in iOS 17 that allows for mimicry of one’s voice with less than a minute of recording. In this case, it can be used for good. For example, someone with a speech impairment can use it to talk to someone by only typing into their phone.
With all that said, this tech can also be used for some very nefarious purposes. A new trend among spam callers is using the voice of a loved one, or someone you know to trick you into giving away personal information and sending money to the scammer. This is done by taking a model of someone’s voice who is known to be connected to you and calling you with their voice. It is important to be suspicious of any call that you get from an unknown number and with this new technology, one needs to be extra careful. If you still need to answer unknown callers for work or otherwise, a common work around is to set up a code word or phrase with your loved ones and friends. For example, if I were to get a call from an unknown number with the person claiming to be my mother and sounding like my mother too, I would ask them, “Do you remember our code?” and if she responded with the code we agreed upon, I would know it is legitimate.
Overall, it is wise to be wary of any unknown phone numbers. Using common sense when receiving asks for money or other critical personal information goes a long way in stopping you from becoming the next victim in a scam.
Ever gotten a call from Microsoft, Apple, or Amazon about your computer being infected or a recent purchase you made? While computers have gotten (by many measures, anyway) more secure over the years, for many would-be attackers, the human is now the easiest part of the puzzle to solve. Large, elaborate scams today have been built around the premise of tricking users into divulging credit card numbers, account login info, and other sensitive pieces of information by imitating familiar companies claiming to be reaching out for security purposes. Using some particularly difficult to dismiss pop-up ads, sometimes these grifters will even try to get you to call them directly, with warnings of viruses or other such problems blaring at you from an often-legitimate looking error screen. Others will simply email potential victims directly, using stolen accounts disguised with a quick name change or an email account with an address close to a legitimate one. The tactics used and the avenue taken by these scammers is manifold, but generally, there are a few rules you should stick to.
Avoiding Scams
For one, you can almost universally write-off any phone calls from most of these large companies as being illegitimate – they don’t have the time, resources, or incentives to reach out to you regarding something specific to your computer or account. Secondly, always double check the email address (rather than the name attached) or phone number on any of these messages to confirm it is who it claims to be. Oftentimes, the number or address will be completely wrong, or in more sophisticated cases, it may only have a single letter out of place. The contents of the message may also contain spelling or grammar errors, which (generally) large companies do their best to avoid in contacts with customers. Finally, where possible, contact the company / financial institution / individual directly using a method you can verify to be legitimate. Never follow any links from, or call or reply to any phone numbers or email addresses provided in, a message containing any such notices.
No, You Didn’t Buy That $500 Antivirus: The Erroneous Charges Trap
We’ve been seeing a lot of fraud and scammer activity lately, so we wanted to warn about some of the common tricks and traps we’ve seen. “Call Center Scammers” are unfortunately nothing new. Just about everyone, whether they’ve realized it or not, have encountered these types of swindlers in some form or another, including the erroneous charges trap.
For some years now, the most common thread we’ve seen have been tech support scams. In this type of scheme, criminals will try to trick users into handing over control of their computer by pretending to be “support staff” for Microsoft, Apple, Google, or another large-scale tech company. They will do this by either directly calling you (often spoofing a number in your area code so as to not raise suspicion) or by putting a pop-up advertisement out on the internet that will, once stumbled upon, prevent you from closing it and display threatening and official-sounding warnings about your computer, with a phone number to call to “fix” whatever issue the scammers are claiming your computer has. Once they get you on the phone, they will do their best to convince you that your computer is having some sort of issue, and that they are going to fix it for you. No matter what, the most important thing to remember with these is that most of these companies will ever contact you for any reason, let alone a computer issue, and anyone claiming to be calling from them is trying get one over on you.
Which brings us to one of the schemes we have been seeing more recently. An exception to the above rule is a company that does contact you regularly regarding bills – such as an antivirus provider, for example. One of the most common scams we’re seeing now is formatted very much the same way as the previous one, but instead of luring you in with threats of a problem needing to be fixed, they lure you in with the threat of a double-billing or a purchase you didn’t mean to make. These types of scammers will typically disguise themselves as Norton or McAfee and will send out Emails and alerts about large payments made for service that they want you to think you’ve purchased. If you contact them to dispute the charge, they will often indicate that the charge was made in error, and offer to refund you. In order to give you your money back, all they need is your banking information… and you can probably see where this is going. Other times, they won’t directly raise the red flag by asking for this information outright, instead “sending the refund” and making it look like they accidentally gave you too much money. The scammer will then plead with you to send back just the amount they overpaid in the “refund,” implying legal consequences for you, or in really low cases, pretending they’ll be fired if they cannot get the overpayment back. This is all an elaborate ruse to get you to send them money, as you’ll find no such transaction actually went through at the end. Similar scams are also known to take place pretending to be Amazon or the like, those these are often more obvious due to their commonality.
As unfortunate as it is, the best way to stay safe on the internet these days is to just assume anyone trying to contact you unsolicited is suspicious. Many cybercriminals have realized that, as secure as many computer systems have become in recent years, the easiest thing to do now is focus on tricking the person behind the screen.
Having a backup of your computer is always important because, sooner or later, your device will fail. This is a lesson many computer users learn too late – only after they’ve lost something do they ever realize the vulnerability of their information, or the extent of what they can lose. However, not all backup programs are created equal; some programs back up specific files and folders you point out, while others back up any files they can reach. Some require manual input on your part, while others work automatically on a schedule. Either way, it can sometimes be hard to tell if you have everything, and if the backup is even consistently up to date. If your hard drive were to fail tomorrow, you may have some or all of your files – but what about your programs, your accounts, and all of the other little details and settings you’ve changed? Do you still have that disk for that copy of Microsoft Word? What about the license for that old copy of Photoshop? Will you remember how your contacts and email accounts in Outlook were organized? When you’ve only got one life raft, it’s very good to know that there aren’t any holes in it. Here at RGB, there’s really only one tool that we put our complete faith into: a program called Macrium Reflect.
Macrium Reflect is a backup program that doesn’t just back up your files elsewhere, it backs up everything that makes your computer yours. From the user accounts with the data in their folders, to the programs you have installed, to the operating system itself, Macrium creates what’s known as an “Image” – an exact copy of the computer’s storage. With a level of detail like this, a Macrium Reflect image can be used to restore everything on your computer to the exact way it was at the time the backup was made.
Being able to restore everything as needed prevents a lot of hassle and heartache for when things eventually go wrong, and Macrium has some built-in tools designed specifically to counteract common situations. When failures do occur, they often happen without warning. People aren’t perfect; even those who have a habit of backing up their computers manually might not do so consistently or often enough. Scheduling backups to occur automatically can be very useful for this exact reason, and Macrium notifies you whenever a backup is about to occur, while keeping logs of its activity so you can always know how up-to-date your backup is. Aside from hardware failures, dangerous viruses have picked up on the idea that a person’s data is valuable in its own right, and have been making a habit of taking people’s files and holding them hostage recently, as well. These “Cryptoviruses,” a type of Ransomware, are known to scramble your files, locking them and demanding hundreds or even thousands of dollars for the key. For these situations, Macrium Reflect has a feature called “Image Guardian,” which puts a lock of its own on your backup images, making it so they cannot be scrambled in the event you’re afflicted by one of these threats. Even internally, whenever we are making some changes that carry risk, we make an image first – so if something goes wrong, it can be perfectly and completely undone.
While restoring your computer to its original state in the event of a failure is helpful, what if your computer is utterly destroyed? From liquid damage to drops and electrical problems, sometimes a computer cannot be effectively salvaged or repaired. For these situations, Macrium has a few more tricks up its sleeve. For one, any image can be mounted on any other computer running even the free version of Macrium, allowing you access to the contents of that backup, including any files or folders you had at the time. If you need the data while you’re still between computers, you can get any of it out just as if you were plugged into the broken computer. For those running the Professional versions of Windows, Macrium can even get your image up and running in what is known as a “Virtual Machine.” This program functions like a simulation of your broken computer, letting you run the programs installed on it and see it as it was when it was still functional, all inside of a window like any other piece of software. Macrium’s images and redeployment features work in such a way that, with the right skills, they can even be restored to a new computer completely different in shape, size, make, or model from the original computer. This can save enormous amounts of time, allowing you to get everything to exactly how it was previously – without having to spend countless hours reinstalling all of your software and setting everything back up again in just the right configuration.
It’s important to remember that data loss is never a question of if, but when. Not letting yourself be just another cautionary tale requires preparation, and Macrium can help ensure you’re ready when the unexpected happens.
We’ve all been here before: We run into a problem, technical or otherwise, and we’re unsure how to proceed, so what do we do? We search the internet for answers. In our search, we come across a number of results that look promising – some of them may even fit the bill exactly, and we think we have our answer. But one thing many people come across, sometimes without even knowing it, is a false search result – a listing that’s either mostly unrelated to what you’re actually searching for, or worse, a listing that is meant to deceive you into believing it’s what you’re searching for, with malicious intent. So, how can we know when we come across deceptive search results?
In both cases, many of these results can appear near the top of the lists for a number of reasons. One of the most common reasons is a practice carried on almost universally, and that is to offer higher search placement to people or companies willing to pay for it – this way, the search engine can make money and the company buying the advertising gets seen by more people who might be looking for something relevant to their services or products.The danger comes when more objective search terms get bought out by illegitimate sources, and seek to mislead people into paying for service from them that might otherwise be better or outright free from the real source. One of the biggest cases of this is in searches for a tech company’s support. Whether it be a major manufacturer like HP, Dell, or Apple, or a software developer like Adobe, Intuit, or Microsoft, many of these illegitimate companies and results are tailor-made to target people looking for help from these sources.
Below is such an example of several advertised results coming up before the “real” or “intended” listing.
As you can see, the real “Microsoft Support” shows up in fifth place in these results. In the case of any major search engine, some of these advertisers can be very dangerous. Some of the above results, for example, could be tech support scammers the same as the types who have plagued users with unsolicited calls for years. Unfortunately, if you don’t know as much, there’s a good chance you’ll run into them or those like them eventually.
Usually, the best way to handle such searches is to look for signifiers that certain results may be advertised. For many search engines, advertised results will often have a small icon underneath them that says either “Ad” or “Sponsored”. Even if it isn’t necessarily a sponsored listing, there’s always a chance it could be dangerous – so if you’re looking for support from a company, it’s usually best to go straight to the company’s website. Paying attention to the actual address below the listing’s title can save you a good deal of confusion. In the case above, the only Microsoft websites are the ones with the green address listed as “support.microsoft.com”. Keep this in mind when you’re searching.
Around this time last year, we addressed a very common trend that we were seeing involving popups and scareware hijacking people’s computers while they were browsing the internet. These popups, such as the ones below, are a facade meant to convince you that your computer is either infected by a virus or at risk of serious damage. Their main goal is to get you to either download a program that will then ACTUALLY infect your computer, or call a “Support Number” wherein a call center operator will then remotely access your computer and either lock it down and hold it for ransom or “Fix the problem” and then charge you several hundred dollars for the “Service”.
Some of the most common offenders’ designs.
Seemingly innocuous messages warning of viruses.
Imitation virus scanners claiming the presence of a number of threats.
Loud colors and bold warning messages.
We get calls every week from people encountering this issue, and the prevalence of these sorts of problems has only increased over time. They affect nearly every class of user across every platform; from Windows to Mac OS, iPhone to Android, no one that browses the internet is immune to this sort of encounter.
So what can we do about it?
Unfortunately, not much – many of these people are far outside U.S. Jurisdiction for legal action, and the diversity, profitability, and widespread nature of these types of scams make them very popular and difficult to decisively put down. As a result, the best type of security against such attacks are awareness and user preparedness. Everyone knows someone who has been assailed in such a way, so it should be important to remember how to get out of such a trap.
We won’t go through the tells that will allow you to identify such a scam as we did last time, but instead leave it at thus: ANY pop up you get while browsing the internet warning of critical errors or viruses, and telling you to download something or call someone should be looked at with extreme skepticism. As far as incoming calls go, remember this: no brand or company will ever call you – this goes for all types of phone scams going today; neither Microsoft nor Apple, Windows nor Mac, Dell, HP, or anyone else has the type of information to know you may have a virus or the capacity to be receiving errors. Additionally, they do not have the type of manpower (or even the necessary information in many cases) to cold call their customers, nor do they have any desire to do so.
There are, importantly, a few methods of escaping these popups, which are important to go over again.
Method one is available to most users running a third-party internet browser; if you are running Google Chrome, Mozilla Firefox, or Opera Chromium, the option to “prevent this page from creating additional dialogues” will be available as a little checkbox at the bottom of the notification that seems to keep opening no matter how many times you close it. Checking it and acknowledging or closing the notification one more time will prevent it from appearing again, allowing you to simply close the page normally.
Method two is available to all users, but requires you forcefully close the process of your internet browser which, if you keep multiple pages open at a time, can cause you to lose whatever you are doing on the other tabs of your web browser. On your keyboard, pressing CTRL, Alt, and Delete (DEL) at the same time on a Windows PC will allow you to open the task manager. From there, simply choosing your internet browser and clicking on “End Task” will force it to close, allowing you to simply reopen it and continue working.
For Mac users, pressing the key combination of Command, Option, and Escape (esc) allows you to activate the equivalent function, “Force Quit”. From that windows, simply selecting the program you wish to close and clicking “Force Quit” will accomplish the same result.
Method three should only be used as a last resort. It’s simple to execute, but it can potentially cause problems if you perform it while your computer is updating or installing something, and can at least cause you to lose data if you are editing documents or files that haven’t been recently saved. In this case, simply holding down the power button on either a Mac or PC will force it to shut down, and the problem should be gone upon restarting it and logging back in.
Now in some cases, especially those in which you may have inadvertently installed something, you might be afflicted with something known as a “Browser Hijacker“, or “Scareware“. These pieces of software are some of the more extreme measures such call center scammers have been using in recent years, and they usually have the effect of forcing the error message or popup to appear every time you start the computer or open your web browser. If this happens, or you have questions or concerns about such pop ups, it is usually recommended that you consult your local technician.
A lot of Microsoft’s talk about Windows 10 has been dedicated to its enhanced security features and has even gone so far as to make the claim that a third party antivirus is no longer necessary for Windows users. Windows Defender was originally provided as a free download from Microsoft for the Windows XP platform, but it has recently been completely rebuilt and overhauled for Windows 10.
Now, it is true that the effectiveness of Windows Defender has been improved dramatically over previous versions, and the platform has a lot of advantages over other mainstream antivirus products, especially among its free peers. In addition to this, its actual effectiveness at stopping malware in its tracks is good, too. It will nab the vast majority of dangers on the web, and it gets a lot of help being the native favorite of Windows. However, the bottom line is, among the top performing paid antivirus products on the market, Windows Defender does fall somewhat short of some of the others. Is it bad? Not by a long shot. But does it still have room for improvement? Definitely.
As we’ve already established its performance as being sufficient for most potential threats, albeit not to the same degree as some higher-end products out there, it’s important to mention its advantages and its potential improvements over other products.
For one thing, it doesn’t bother you and ask you for money on a regular basis. It’s free. That alone is enough for many people. Not only that, but it’s “free” in the literal sense, and not in just the “doesn’t cost money” sense. Many other “free” antivirus programs out there, while not actually charging you for money, will often do everything from continuously harassing you to buy their premium editions, or even installing junk software and useless or annoying programs on your computer in addition to themselves.
Secondly, it ships with Windows. Every new Windows machine has it pre-installed. This saves users the hassle of even having to make a decision or go looking in the first place. And in this day and age of look-a-like knockoffs, trojan horses, and misleading website adverts, not having to go looking for this piece can save you a lot more trouble than just finding the website download page.
Thirdly and lastly, it’s built to fit into Windows 10 rather well. It does not take up much space, it does not use many resources, and it does not constantly pop up asking to be updated to the latest version. It updates automatically and quietly, just like Windows itself does these days, and that’s a good thing. The less direction you have to give it, the better. And as it stands, no antivirus is as silent a protector as Windows Defender.
So, if you prefer a quiet, lightweight, well integrated, and free antivirus, give Windows Defender a try. It might not be the best out there, but at its huge price tag of $0 (both in terms of your money and your trouble), it’s definitely a tough one to beat.
For the past 20 years or so, websites and applications across the world have relied on platforms such as Shockwave, Java, Flash, and Silverlight to show everything from video games to interactive graphics and financial graphs. Although many have declined in use over the past decade, most of the computers in the world still run Java or Flash Player, but the vast majority of people don’t know what either of them are for, only that they might be “important”. For this reason, it is important to understand more about Flash and Java updates.
Unfortunately, the almost universal adoption of these two programs opens up an easy target for scammers looking to steal user information or fool people into installing less than legitimate programs on their computers. The weakness comes from both sides in the form of updates for Flash,
as well as Java.
As far as the first group is concerned, their objective is to hit people who have not updated in a while, and who still have outdated versions of either program, in attempts to exploit glitches or chinks in the program to their advantage. This is usually with the intention of stealing valuable information such as credit card or social security numbers, online banking logins, et cetera. For this group the best defense is to always stay up to date and never open any emails from senders you don’t recognize. Frequently, links or attachments to any such exploits are sent via email in a message that may seem completely innocuous.
Now, this brings us to group two. Group two relies on the fact that most people have Flash and Java, and most people wish to keep them up to date, and so disguises their malicious or unwanted software as Flash or Java in order to trick people into downloading them. This method is typically more prevalent than the first, and ironically takes advantage of people’s fears concerning not being up to date and protected. More often than not, these types of illegitimate “updates” are shoehorned over webpages in the form of popups such as the one below.
The average person might see this and choose to download the “update”, believing it to be to their benefit. However, at the very least, the resulting program will be annoying, and at the very worst, dangerous to your security. The best defense against these types of attacks is to never download anything from a popup, and to always take careful notice of details in the popup itself. Ask yourself, “does this look legitimate?” Comparing the two Flash “updates” above, we see that the bottom one has several tells that indicate it’s not what it says it is. For example, the bottom one lacks any sort of officially licensed Adobe markings or insignias, is filled with jargon intending to sell itself rather than inform users of improvements, has no option to install the update later, and it possesses no End User License Agreement.
All the same, it’s usually best to avoid any sort of popups claiming to be updates or “free downloads” if possible. When you see a popup, even one that seems legitimate, there’s a fool-proof way of telling. Go straight to the developer’s website for the product, whether it be Flash or Java, and you can get the latest version from adobe.com and java.com, respectively.
We all remember the classic Mac Vs. PC advertisements of the late 2000s, where you would see casual “I’m a Mac” asking “I’m a PC” about all of his many problems. PC would then go on an awkward tirade about his glaring flaws and his “this just represents the status quo when you’re a PC” mentality. With an incredulous look on his face, Mac proceeded to recapitulate how “woe is you” PC’s existence was, and then outline a series of ways in which Mac doesn’t experience this problem or that. Of the many claims made therein, one huge drawing point Apple always made sure to underline was the invulnerability of Macs to malware-based threats. Commercial campaigns belonging to the Mac Vs. PC series ended several years ago, and yet many people still assume that Macs are immune to pretty much any threat. The truth is, although a virus by definition typically won’t pose a threat to a Mac, most people tend to mistake a “Virus” for the broader term of “Malware“.
In many cases, malware does not even have to be written for Mac OS to be able to get in. Especially in cases where Java or Flash are involved, nearly any device running either runtime can be vulnerable. Not only that, but many forms of pervasive Adware, which can be just as annoying to deal with, have been designed exclusively for the Mac environment.
When it comes to actual vulnerabilities that can be exploited, both Mac and PC have become increasingly more secure as time has passed, and relatively few major breaches occur compared to years past. However, devices running Mac OS are still just as crippled as those running Windows in probably their greatest vulnerability: You.
Many threats, from online scams, to phishing and identity theft schemes, to malware and trojan horses, are designed with minimal or no intention of breaching or otherwise exploiting a vulnerability in software design. Instead, they aim to trick or convince users of their validity, and then, once they have your unwitting permission, they carry out their purpose, whatever it may be.
Avoiding Malware Threats
At the end of the day, the best defense against malware is a conscientious user. Gone are the days of click and think; the best practice today is to think before you click. Always remember to read what’s on the screen, especially looking for the fine print – and ask yourself when you’re installing something, “Do I need to install this program? What purpose does it serve? Am I getting only what I’m asking for?” If you’re unsure of something, or a program looks fishy, don’t take the risk. Call a professional or your local technician and inquire.
Were there a ranking for the most dangerous and show-stopping malware, the various types of Ransomware, and especially Cryptoviruses, would top the list. Imagine this scenario:
You’re browsing the internet, maybe watching a Youtube video, checking Facebook, playing a game, or maybe even reading some Emails, when a program pops up telling you that it’s time to update an innocuous program such as Adobe Flash Player. You think to yourself, “Sure, Flash is pretty important, I’ll update it.”
You continue going about your business when suddenly, your computer locks up and a window like this appears.
Now, to most people, this will be pretty jarring. As if the accusations were not startling enough, the page also turns on the user’s webcam and displays a live video feed, as if collecting video evidence. However, the page is a clever ruse designed to convince users that the FBI (or some other government organization) believes that they are guilty of a crime and requires them to pay a fine to avoid criminal charges or jail time. Rebooting the computer does not solve the problem, as the virus starts with the afflicted computer. The computer remains locked until the “fine” is paid, and in some cases paying might not even unlock the computer. Now, this type of virus is much more invasive and troublesome to defeat than most, and even harder to avoid. However, in most cases, an experienced technician can find a way around it, so that it can be removed.
CryptoLocker, CryptoWall, and other Encryption Viruses
On the by and large, Ransomware can usually be defeated in relative brevity by technicians with the proper set of knowledge and tools at their disposal. But what happens if the virus does more than just lock up your computer?
A Cryptovirus is one type of Ransomware that not only locks up the user’s computer, but encrypts all the user’s data as well. When the data (which can range from pictures to Word documents to AutoCAD work files) is encrypted, it becomes unreadable and inaccessible unless the person trying to open the files has the decryption key. This can be pretty problematic, as even if the virus is removed, the data will remain encrypted.
What Can Be Done?
Most of these dangerous programs encrypt the files of the victim’s computer with a heavier encryption than the average bank, so trying to crack it is not only unfeasible, but practically impossible.
If the files are of little consequence or not worth the effort, then your technician can remove the virus and get the computer working again, but the data could be lost forever. Occasionally, the good men and women of the various cybercrimes divisions in agencies such as the FBI, Interpol, or alternatively, the employees of various companies specializing in data security, expose a vulnerability in the encryption or manage to obtain a set of decryption keys with which previously encrypted files could be returned to normal.
The first version of CryptoLocker was shut down in a joint effort in such a way, and one of the parties managed to obtain the decryption keys so that victims of this attack were able to unlock their data. As such, if you would appreciate the possibility of eventually getting your data back, speak with your technician about saving the encrypted data somewhere long-term, as the potential for this to happen again exists.
There is also the option of paying the ransom, however such a prospect is usually expensive (in the order of several hundred dollars) and is not guaranteed to work. In addition to this, if one chooses to pay, it can be difficult even to execute such a payment as often the virus maker will request Bitcoin, or some other form of anonymous cryptocurrency, which can be difficult to acquire and transfer. There is also the distinct possibility that any ransom paid could go to the funding of either terrorist organizations, or at the very least, supporting such cyberattacks in the future.
Prevention and Safeguards
Unfortunately, at the present time, the best way to deal with this type of threat is not to run into it at all. Keeping an up to date antivirus, maintaining good browsing habits, and always reading the screen before you click “accept” should improve your chances.
Preferably, an antivirus providing real time protection should be considered, since these types of viruses are the types that need to be stopped at the gate. Once they get in, it could very well be too late.
Besides this, data backup is paramount. There is no such thing as a perfect defense, and when something does get through and wreak havoc, you will want to know that your data is safe. In some cases, even data backups can be affected, so it’s good to use your local technicians as resources to finding the best strategy for your situation.